Digital Identity Blog

Mobile may be a bigger deal this holiday season than anyone ever imagined. Unfortunately, so might mobile threats. According to an article by Tech Crunch, on Black Friday, online sales from mobile devices accounted for $1.2 billion.

The problem: As mobile adoption accelerates, so will its profile as a lucrative attack vector for cybercriminals.

For evidence, look no further than the Cybercrime Report Q3 2016 from ThreatMetrix, which looks at key trends in the mobile space from July through September 2016—and offers a glimpse of mobile threats shaping every industry, not just retail, in this last quarter of the year.

Here’s a look at some of its key findings.

Glad Tidings: Mobile Hits New Milestones

For as long as anyone can remember, “The Year of Mobile” has always been just around the corner, never to fully materialize to the degree its proponents hoped. But if Q3 is any indication, we may discover retroactively that 2016 more than earned that moniker.

For starters, the percentage of mobile users was up dramatically across all industries in the third quarter, including the percentage of “mobile-only” users who are embracing the freedom and flexibility mobile offers for a growing number of transaction types (including logins of all kinds, account creation and payments.)

Across all industries, 43% of online transactions now come from mobile devices—nearly a 50% increase in just the last year.

Perhaps surprisingly, the strongest growth hasn’t come from retail, where transactions tend to be payments-based. Instead, the strongest surge comes from financial institutions. Transaction volumes there have grown nearly 260% compared to Q3 last year, mostly for mobile logins by users managing banking apps. About half of all new account originations come from mobile as well.

For now, all of this is good news in terms of cybercrime. Today, mobile transactions are targeted less often than those originating from the desktop web. But dangers lurk on the horizon.

Bad Santa: Battle of the Bots Ahead?

In Q2, we documented one of the first instances of a bot attacking a mobile app. In Q3, we detected a mobile browser bot targeting a major online retailer. In fact, up to 60% of mobile browser transactions to that e-tailer come from bots and scripted attacks.

Clearly, as consumers shift to mobile, cyber-crooks are beginning to shift along with them. The emergence of automated attacks targeting cross-border transactions will only exacerbate matters.

Why? Because such mobile threats are now outpacing similar attacks within domestic web traffic—which means they will soon impact the mobile channel, too.

Another troubling sign: Payment transactions rejected as fraudulent are up dramatically in all industries, especially for financial institutions, indicating a rise in criminals attempting to place fraudulent purchases.

Entering Whoville

So what comes next for mobile? Our Cybercrime Report Q3 2016 puts one finding in sharp relief: Today, identifying the bad guys is no longer the sole imperative when it comes to fraud prevention.

Instead, it’s about finding the legitimate customer among the vast swaths of bad transactions that at times can make up 90% of an organization’s digital traffic, during spikes in automated attacks.

In what promises to be the biggest digital holiday season ever, merchants and indeed organizations in every industry are under more pressure than ever to establish accurate authentication of digital identities.

Why? So they can reduce friction for legitimate customers—the who’s who in Whoville, to borrow the vernacular of the season—while keeping the Grinch at bay.

That battle has now officially gone mobile—and will only intensify toward the end of the year and beyond with mobile threats.

To learn more—along with insights on how to protect your business through the power of digital identity, check out the full Cybercrime Report Q3 2016 here.

Alisdair Faulkner

Chief Identity Officer, Business Services, LexisNexis Risk Solutions

Alisdair Faulkner leads the commercial markets and strategy function for fraud and identity management at LexisNexis Risk Solutions, Business Services. He was co-founder and Chief Products Officer for ThreatMetrix culminating in the 2018 acquisition by LexisNexis Risk Solutions. He now oversees the combined fraud and identity solutions for LexisNexis Risk Solutions and the ThreatMetrix Digital Identity Network.